EP2742644B1 - Verschlüsselungs- und entschlüsselungsverfahren - Google Patents
Verschlüsselungs- und entschlüsselungsverfahren Download PDFInfo
- Publication number
- EP2742644B1 EP2742644B1 EP12772804.6A EP12772804A EP2742644B1 EP 2742644 B1 EP2742644 B1 EP 2742644B1 EP 12772804 A EP12772804 A EP 12772804A EP 2742644 B1 EP2742644 B1 EP 2742644B1
- Authority
- EP
- European Patent Office
- Prior art keywords
- key
- bit
- function
- encryption
- public
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims description 129
- 230000006870 function Effects 0.000 claims description 127
- 239000011159 matrix material Substances 0.000 claims description 40
- 238000006467 substitution reaction Methods 0.000 claims description 18
- 238000012545 processing Methods 0.000 claims description 8
- 238000004193 electrokinetic chromatography Methods 0.000 description 6
- 230000008569 process Effects 0.000 description 6
- 238000004458 analytical method Methods 0.000 description 5
- 230000005540 biological transmission Effects 0.000 description 5
- 238000004891 communication Methods 0.000 description 5
- 238000010586 diagram Methods 0.000 description 3
- 230000002829 reductive effect Effects 0.000 description 3
- 230000002441 reversible effect Effects 0.000 description 3
- 230000008859 change Effects 0.000 description 2
- 238000010276 construction Methods 0.000 description 2
- 230000001419 dependent effect Effects 0.000 description 2
- 230000014509 gene expression Effects 0.000 description 2
- 230000006872 improvement Effects 0.000 description 2
- 238000012886 linear function Methods 0.000 description 2
- 239000000463 material Substances 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- 230000009466 transformation Effects 0.000 description 2
- 238000013459 approach Methods 0.000 description 1
- 230000000052 comparative effect Effects 0.000 description 1
- 238000007906 compression Methods 0.000 description 1
- 230000006835 compression Effects 0.000 description 1
- 230000008094 contradictory effect Effects 0.000 description 1
- 238000013144 data compression Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000009792 diffusion process Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000009472 formulation Methods 0.000 description 1
- 230000008571 general function Effects 0.000 description 1
- 230000000873 masking effect Effects 0.000 description 1
- 239000000203 mixture Substances 0.000 description 1
- 230000008092 positive effect Effects 0.000 description 1
- 230000000135 prohibitive effect Effects 0.000 description 1
- 230000009467 reduction Effects 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
- H04L9/0841—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3006—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
- H04L9/3013—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the discrete logarithm problem, e.g. ElGamal or Diffie-Hellman systems
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3006—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
- H04L9/302—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
Definitions
- the invention relates to an encryption and decryption method, which method comprises: a public-key encryption/decryption step, for which it is provided:
- Encryption/decryption methods of this type are widely known and have been used for a long time.
- Asymmetric encryption/decryption systems are called asymmetric since they have a first public key which is transmitted between the two entities that desire to exchange a message and which is used for carrying out the step encrypting the message to be transmitted by the entity that desires to transmit the message.
- the public key is known to both the entities, while the receiving entity is provided with a private key allowing the received message that has been encrypted with the public key to be decrypted.
- Asymmetric methods are a widely used approach for the secure transmission of messages using transmission channels that otherwise would not be secure.
- the asymmetric pairs of keys are composed of two separate keys of which a public key used for treating data in one manner and a second key for converting again the treated data to the original form. Keys are based on mathematical relations by means of which the knowledge of a key does not allow the other key to be calculated at least in a polynomial time or a reasonable time anyway.
- Encryption/decryption methods can be used for encrypting/decrypting digital signals of any type and exchanged using any different communication modes and even for signature authentication or verification.
- a public-key method provides the public key to be distributed to another party with which communication has to be established, while the private key is kept confidential.
- the public and private asymmetric keys allow two results to be obtained. Only the party that knows and holds the private key can decrypt the massage that has been encrypted with the corresponding public key. If a party decrypts the message by using the public key such party can be sure that the message has been encrypted by using the private key and therefore it has been probably generated by the holder of the private key.
- trapdoor functions For calculating the keys public-key methods and relevant systems use the so called trapdoor functions. These functions are generally defined also as “one way” functions and are functions that are relatively easy and quick to compute in one direction, while the computation on the opposite direction, namely the inverse one is not feasible above all in polynomial time due to the high complexity.
- the RSA and RABIN systems are based on the problem of factoring integers into factors composed of prime numbers.
- the EIGamal system on the contrary is based on the discrete logarithm problem of a multiplicative group and the elliptic curve encryption system is based on the elliptic curve discrete logarithm problem.
- RSA system is described in the document US 4,405,829 and in publications mentioned therein.
- the elliptic curve encryption system is described in the document US 5,146,500 and in publications mentioned therein.
- K (pub, A) be the public key of A and K (priv A) the private key of A.
- K(pub, B) and K(priv, B) are the public key and private key of B respectively.
- Asymmetric systems provide algorithms that generate the public key and the private key of each party.
- A In order to communicate one with the other A sends the public K (pub, A) to B and B sends its public K (pub, B) to A.
- the two parties exchange the public keys
- the session key (called also as master key) used for encrypting and decrypting messages is composed of the key K(pub, A) + K(priv, B) for encrypting the messages sent from B to A and for decrypting messages sent from A to B and the session key (or master key) K(pub,B) + K(priv, A) for encrypting messages sent from A to B and for decrypting messages sent from B to A.
- a further drawback of the system according to US2006/2803000A1 is that functions used in the method provide exact (real) output values. As regards security this can be a weakness since a cryptoanalyst by applying different mathematical attack methods can retrieve the values of one of the encryption/decryption keys.
- the functions suggested in the method are "linear" functions, that is they use operations such as sum or division or multiplications alone or combined together in a manner and such to create a "non-linear” function.
- linear functions in cryptographic science are known to be not secure functions.
- the fact of using an operation such as a division can lead to considerable compatibility problems in calculating floating-point values, especially on devices that have processors of different type: rounding, overflow, underflow problems, etc..., this means that encryption/decryption keys may be different and in the method no expedients is described for carrying out a check in such case.
- the aim of the invention is to provide an encryption/decryption method of the type described hereinbefore that allows both processing time and hardware resources required for carrying out the encryption/decryption steps to be reduced, while guaranteeing a higher security of the encryption/decryption method against any type of attacks intended for retrieving the keys necessary for the message encryption/decryption.
- the present invention further aims at improving an encryption/decryption method of the type described hereinbefore such to give a security level defined as "unconditional security" to the encryption algorithm.
- the invention achieves the above objects by an encryption/decryption method according to claim 1.
- the public key is generated by a Hash sum modulus function using a matrix of private values, a private modulus value and a public modulus value.
- the method is similar to the known Diffie-Hellman one but it does not use any prime numbers, or generally large numbers and it overcomes its drawbacks which are among those described above.
- the method according to the present invention provides considerable advantages as regards the computational perspective and the cryptographic analysis and particularly:
- the use of a mere "numerical sum" with an output value from function f(x) that is always of the numerical type leads to advantages as regards computation and occupancy of computational resources even on low power devices such as for example smart cards and it facilitates the implementation operation even in hardware as well as in software.
- f ( x ) is a non-perfect hash function and in particular a function modulo q whose inputs are the values of the matrix A with 1 ⁇ Ai , j ⁇ n , values p and q and R;
- the non-perfect Hash function aims at obtaining identical output numerical values from different arguments.
- the private key is composed of the matrix A mxn p and R are two public values agreed by the communicating parties or which are predetermined during setup of the encryption/decryption system q is defined by each entity by a pseudo-random generator according to a predetermined fixed process of the encryption/decryption method and system.
- the fact of obtaining the numerical sequence expressing the cryptographic key is not a banal problem, in complex problem field.
- the length of the key can be determined from the value of n and from the number of elements of the matrix.
- the keys exchanged for the next cryptographic step are fictitious keys such that the value thereof will never be able to coincide with a possible real key, this means that the possible keys exchanged and intercepted are keys that have no real value from the mathematical perspective and any examination thereof is null.
- the real keys are formed by the legitimate communicating parties using the fictitious key in combination with their own private key.
- the value p is a public value, while rnd value can be shared between the parties with a token or a part thereof can be defined a priori, while a remaining part can be composed of values variable over time such as date, time or other data.
- an essential characteristic of the method according to the present invention is the fact of not using mathematical relations with prime numbers during the key calculating steps. While in known systems such as RSA, DH and ECC the latter are essential for the system itself. In the method according to the present invention each value (usually n-bit number) is a valid number. This has positive effects in the designing phase, since in the method according to the present invention, the specific function remains isolated while in systems such as RSA, DH and ECC it is necessary to provide (complicated and slow) algorithms for creating prime numbers that have to be perfect and not pseudoprimes since such pseudo prime numbers are a problem as regards security.
- algebraic operations used in the method according to the present invention and that are sum, bit rotations, multiplications and n-bit modulus operations are among the fastest ones on many n-bit hardware platforms, currently with n of 32 or 64 bits even with moderate speed processors. This characteristic is important as regards cryptoanalytic attacks based on power consumption when executing the algorithm in the step creating the public and session key (power monitoring attack and timing attack).
- the method according to the present invention provides a higher efficiency in terms of computer overhead, key size and bandwidth, with respect to other systems.
- the method and system according to the present invention belong to the class of so called NP-complete combinatorial problems.
- the method and system according to the present invention use a "non-perfect hash" function which is recursively called for creating a value given by the sum of all the values of the private key forming the matrix A and modulus q and which result in creating the public key.
- the token is not calculated during the step creating the public keys (as in SRP protocol), but when calculating the session key. If the hash value of the session key is not equal for all the communicating entities, probably a Man in the middle attack has been performed. Therefore usually, when sending a message encrypted with the common session key, even the hash value of the key is sent for immediately verifying the equality. It is impossible to define the Token value from Hash value.
- the present invention in combination with the public-key method relates also to a preferred private-key method that can be used for performing the second step of the present method or can be used also independently as a symmetric encryption/decryption method, namely a private or secret key one.
- this symmetric method for the encryption/decryption provides the use of a function performing an algebraic sum of the bytes forming a message or the data to be encrypted and the bytes of a given encryption/decryption secret key and which function is not a hash function.
- the main operation on which the algorithm is based is an "algebraic sum" of the bytes forming a message and the bytes of a specific key (with a variable length) and it bases a great part of the security on the statistical properties offered by a general algebraic summation (equiprobability and uncertainty).
- a property of S is that S is always a value representable with 8-bit.
- the encryption fraction can be expressed in percentage, in relation to a maximum value of 8-bit, in proportion to the block to be processed: if for example the block is composed of 128-bit (16bytes) a cryptoanalyst has 6.25% of bits available and for a block of 256-bit (32 bytes) he/she has 3.125% of bits available. Accordingly the longer the block is the higher the security provided by the algorithm is.
- the encryption function is not a data "compression function” or a hash function. With reference to the latter, it is just the opposite: the encryption function tends, probabilistically, to provide S such that for different messages/keys it can provide equal values.
- the encryption function uses a method that duplicates, in the encryption step, the message m, such to make the encryption step reversible.
- the present symmetric method is a block cipher belonging to the class of private-key ciphers.
- the cryptographic system is a novelty in private-key algorithms.
- the aim upon which this encryption/decryption symmetric method is based is to provide a dedicated encryption system that is rapid, highly secure namely resistant against cryptographic analysis, particularly to linear and differential one and easy in hardware/software implementation.
- This symmetric encryption/decryption method is mainly studied for high-speed hardware/software applications for protecting classified messages and it is dedicated to encrypt radio signals such as for example Prr (Personal role radio) devices and the like, audio/video transmissions such as videcoconferences, and it is particulary suitable for small messages (such as military messages, banking data and the like for example).
- Prr Personal role radio
- the invention relates also to an encryption/decryption method based on asymmetric and/or symmetric method mentioned above and an encryption/decryption device comprising a program loaded in the memory of a computer and adapted to be executed by said computer wherein the execution of the program causes the execution of the method steps according to one or more of the characteristics mentioned above and claimed and regarding the asymmetric and/or symmetric encryption/decryption method.
- the invention relates also to a storage medium readable by a processing unit, upon which medium a program executable by said computer is stored, whose execution causes the execution of the method steps according to one or more of the characteristics mentioned above and claimed and regarding the asymmetric and/or symmetric encryption/decryption method.
- the transmission of the public key can occur also in a graphic form, as an image or graph.
- the method and the system implementing said method according to the present invention uses a H sum modulus function.
- the method is similar to the known Diffie-Hellman one but it does not use any prime numbers, and generally no large numbers as well.
- the H sum modulus function is a non-perfect hash function and it uses a A matrix of private values, a private modulus value q and a public modulus value p for generating a public numerical key and the same values that is the matrix A and the modulus q and p, are used again for generating the shared encryption/decryption key (sessione key).
- the matrix that is used is a two-dimensional matrix whose values start from a minimum of 2 8 , the same applies to the choice of the modulus q and value p.
- the number of rows R of the matrix can be arbitrarily selected in the range: 32 ⁇ R ⁇ 256
- the method according to the present invention is based on the self-construction of the encryption/decryption key which occurs by using a public key transmitted from each entity of the mutually communicating entities to the other entities.
- each of said entities After exchanging the public keys between two or more mutually communicating entities, each of said entities has the material for creating the secret encryption key (or session key) to be used in combination with any symmetric key algorithm (private key) for encrypting/decrypting any messages in the binary format.
- the algorithm intended for generating the key has a particular characteristic, according to which each entity uses a vector of private values that has never been used during the public key generating step. This characteristic gives considerable security since the key is enriched with material known only to each individual entity. Let suppose, by absurbdity, that an attacker is able to accidentally retrieve the values of the private key of at least two mutually communicating entities, it should necessarily retrieve the values of this vector and their exact permutation in order to reconstruct the encryption/decryption key. This possibility is very unlikely to occur since these values are never transmitted but, they are simply considered when constructing the private or session key. Other known public algorithms do not have such characteristics since the mathematical formulation does not allow the basic function to be changed for creating the session keys.
- Figure 1 shows an example of a real public key and of the corresponding fictitious public key of two mutually communicating entities respectively denoted by A and B.
- the generation of the fictitious key occurs by using a function modifying the real value of the public key v according to the relation v+rnd*p, wherein rnd is a pseudo-random value generated by the system and p is a value defined as above.
- the rnd value is generated by a pseudo-random generator from the same seed composed of a value shared by the parties by means of an indentification token exchanged only once and/or composed at least partially of a predetermined value exchanged only once and of values variable over time and knowable to both the mutually communicating parties.
- the encryption/decryption method provides several steps that will be described below by using a more strict and precise mathematical and pseudocode notation.
- Public parameters are composed of values p and R and private ones of values q and A.
- a first step is to generate the private key composed of the matrix A nxm and value q:
- a nxm be a matrix.
- Matrix A nxm is initialized as it follows if we denote by r the general row of the matrix and by p ( p ⁇ Z + ) a value representing the modulus shared by the communicating parties, that is the public value p:
- the value q is automatically generated during the method steps and by the system carrying out the method according to the present invention.
- the value of the shared modulus p also automatically generated or predetermined in the initial setup of the method and of the system guarantees the function used by the communicating parties to provide the common encryption/decryption key. Therefore the only value known to a possible attacker is p together with values of public keys S.
- the trapdoor is inherent in the function generating the encryption/decryption key that will be defined in more details below.
- the private key is composed of the matrix A mxn p and R are two public values agreed by the communicating parties or which are predetermined during setup of the encryption/decryption system q is defined by each entity by a pseudo-random generator according to a predetermined fixed process of the encryption/decryption method and system.
- random values can be obtained by using PRNGs (Pseudo Random Number Generator) o TRNGs (True Random Number Generator) selected among the most cryptographically secure ones and they can be implemented in the present invention according to the specifications related thereto. For example it is possible to use PRNG included in specifications ANSI X9.17.
- rnd ⁇ p such that the encryption/decryption common key can be obtained (that can be defined also as inverse function according to a not strictly mathematical notation).
- n ⁇ p (mod p ) 0 therefore, this guarantees the function to be correct and independent of rnd.
- the multiplication of the matrix by the index i leads to output permutation, important for the sequence creating the key and for a possible randomly selected subset thereof.
- the function f ( x ) for creating the public key and the common encryption/decryption key (in some parts of the text for brevity reasons defined by the term inverse function in a not canonical form) according to the preceding relation can be advantageously selected among the following groups:
- w 1 and w 2 designate integer values in the range from 1 to 31 for 32-bit processors and 1-63 for 64-bit processors.
- w 3 is an integer value in the range from 1 to 32bit for 32-bit processors and 1-64 for 64-bit processors.
- ⁇ , >>, ⁇ , >>> represent bit-shift left operations by w 2 positions, bit-shift right operations by w 2 positions, bit-rotate left operations by w 1 positions and bit-rotate right operations by w 1 positions respectively.
- the table of figure 2 shows the two public keys calculated according to what previously described for A and B.
- A sends its public key to B and B sends its public key to A.
- the third step provides the steps for creating the encryption/decryption private key called also as session key.
- the function for creating the session key (defined in some parts of the description and of the claims for brevity also as inverse function f -1 ( x ) improperly using the mathematical term) can be selected among the following groups:
- w 3 is an integer value in the range from 1 to 32bit for 32-bit processors and 1-63 for 64-bit processors.
- ⁇ , >>, ⁇ , >>> represent bit-shift left operations by w 2 positions, bit-shift right operations by w 2 positions, bit-rotate left operations by w 1 positions and bit-rotate right operations by w 1 positions respectively.
- Values w 1 , w 2 , w 3 are predetermined during setup of the method and system and they do not need to be indicated each time by the user but they are automatically used.
- the function f(x) is the same used both for computing public keys and for computing the session key (that is for encryption and decryption).
- the added element is the public key of A or B which is combined with the private key (the matrix Anxm) of A or B.
- the length of the public, private and session key is variable, such to be adapted to different security levels.
- the method according to the present invention is simply equivalent to a private-key system as regards the size and the relevant security. Accordingly the method of the present invention requires low computational resources even for computing large keys that is keys ranging from at least 256 to 4096 bits.
- Figure 8 shows a comparative table for the mentioned systems.
- the method of the present invention is able to provide 8x32-bit keys (256 bit).
- Algebraic operations that are used and that essentially are the sum, bit rotations, multiplications and n-bit modulus operations are among the most rapid ones on many hardward platforms with modern n-bit processors (32/64-bit), but also with old generation processors and having a moderate speed. This characteristic is important as regards cryptoanalytic attacks based on the power consumption during the execution of the algorithm in the step creating public and session keys (power monitoring attack and timing attack).
- a comparison of known algorithms, of the same category, such as RSA and DH shows that the algorithm used in the method according to the present invention has a regular and constant trend in the power consumption in comparison to the latter.
- Figure 8 shows the results of the trend of the average power consumption with RSA/DH systems and with a system working according to the method of the present invention respectively while figure 4 shows the time for creating a key.
- the power consumption in the case of the present method and system is very lower and quasi-linear than RSA/DH systems particularly.
- the session key used for encryption and decryption of messages exchanged between A and B according to any encryption/decryption method or algorithm is denoted by ks.
- the method and the system according to the present invention belong to the class of NP-complete problems with a particular reference to the class of combinatorial problems.
- the algorithm uses a "non-perfect hash" function called recursively for creating a value given by the sum of all the n values of the private key and which result in the creation of the public key.
- the keys exchanged for the following encryption/decryption step are fictitious keys (such that the value thereof can never coincide with a possible real key), this involves that any keys exchanged and intercepted are keys that have no real value from the mathematical perspective and any examnation thereof is null.
- the real keys are composed by the legitimate communicating parties using the fictitious key in combination with their own private key.
- the key exchange occurs by the same mode of Diffie-Hellman protocol as pointed out in figure 2 , but, unlike the latter the public, fictitious keys exchanged can generate a theorically infinite random numerical sequence and that represents the real key, that is the session key for coding and uncoding messages.
- the example in figure 3 shows how such sequence is obtained from the exchange of two keys.
- the determination of which values of the sequence are the correct ones usable as session keys is defined by a token shared between the two entities or by a shared resetting of parameters of the method or system defining the choice of the values of said sequence.
- the shared value is composed of the seed (value) generating a pseudo-random value defining the value sequence of the vector to be considered as valid session keys and that are underlined in figure 3 .
- Figures 5 and 6 show an example for carrying out the method composed of a program executed by a server and a client communicating one another.
- boxes 1 and 2 denote the values of the public keys of the server and of the client that have been exchanged one with the other.
- the box 6 denotes the ID token.
- Box 4 shows the values of the matrix constituting the private key of the server and of the client respectively. It is clear that matrices are two column type and the values are different for the server and the client.
- Box 5 shows session key and box 3 the authentication status of the client at the server.
- Figure 6 shows the same windows for which the ID code of the client is indicated as wrong and therefore the system has not been able to calculate the session key for the client and the status indicated is that of potential intrusion in the status box 3. Moreover box 5 wherein the session key appears shows how the values are different in the server and in the client.
- the method according to the present invention described up to now is the first public-key step by means of which a private key is transmitted for carrying out encryption/decryption operations of data, messages, or the like according to a symmetric key method, that is a private-key one.
- the invention provides to use an innovative symmetric encryption/decryption method with respect to prior art ones.
- the innovative method is a block encryption/decryption method belonging to the category of private-key ciphers suitable mainly for high-speed hardware/software applications for protecting classified messages, for encrypting radio signals for example Prr (Personal role radio) devices and the like, audio/video transmissions such as videoconferences.
- Prr Personal role radio
- the method and the corresponding system working according to this method is provided for small messages such as for example military messages, banking data, and the like.
- Figure 7 shows a flow diagram of a generic symmetric encryption/decryption method.
- a plain message m provided at step 10 is subjected to encryption at step 11 with an encryption key obtaining as output at step 12 the encrypted message m*.
- This encrypted message subjected to decryption at step 13 by a decryption algorithm using the same key used for the encryption provides as output 14 the message m in the original form.
- the algorithm is based on an "algebraic sum" of the bytes forming a message to be transmitted and encrypted/decrypted and the bytes of a given key (having a variable length) and it bases most of the security on the statistical properties provided by a generic algebraic summation which consist in equiprobability and uncertainty.
- a property of S is that S is always a value representable with 8-bit.
- the encryption fraction can be expressed in percentage, in relation to a maximum value of 8-bit, in proportion to the block to be processed. If for example the block is composed of 128-bits (16bytes) a cryptoanalyst has 6.25% of bits available and for a block of 256-bits (32 bytes) he/she has 3.125% of bits available. Accordingly the more the block is long the higher the security is provided by the algorithm.
- the above mentioned encryption function is not a data compression function or a hash function, but on the contrary with reference to the latter, it is just the opposite since the encryption function tends, probabilistically, to provide S such that for different messages/keys it can provide equal values.
- the aim of the mixing function is to create a very high "diffusion" in each encrypted block.
- the encryption step occurs in four steps:
- the key used for encryption/decryption has been transmitted to the communicating entitites by using the public-key encryption/decryption method constituting the first step of the combined encryption/decryption method.
- the private key now is in possession of the entitites that can use it both for encrypting messages to be transmitted and for the decryption, that is for converting a received encrypted message into a plain message which encryptions and decryptions are performed by the private key according to the encryption and decryption symmetric method described here.
- the method and the relevant symmetric encryption/decryption system can also be used separately from the asymmetric method as a conventional symmetric encryption/decryption method without providing the initial step transmitting the private key by the above mentioned asymmetric method. Even in such conditions the symmetric method has advantages with reference to known methods both as regards the speed, and the security against attacks.
- S 0 is the original summation (without substitution) of the first N bytes provided in the block to be encrypted.
- S i is the i-th summation of the bytes in the i-th block
- fmix is the mixing function of the i-th summation.
- k 1 , k 2 , ...k 7 are substitution key values relevant to the byte of each individual sum and obtained as shown in the step scheduling the session key (it has to be noted that ko is never used in the substitution step as it has no importance in the method) . All the sums from S 0 to S 7 are 8-bit sums.
- this step consists in creating three tables used for the encryption and decryption step.
- the 32-bit tables P and Q are used in the mixing step while the 8-bit table (vector) k is used in the sum step modulo 2 and in the step of substitution of the individual bytes as defined above even with the example of the substitution of the 8-bit message block.
- the key can change from a minimum of 64-bits to 1024-bits.
- the security increases in an almost exponential manner since the difficulties of the cryptography analysis of the blocks increase.
- the scheduling step is better described and with a more accuracy by the following scheduling pseudocode of the Master key:
Landscapes
- Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
- Signal Processing For Digital Recording And Reproducing (AREA)
- Reverberation, Karaoke And Other Acoustics (AREA)
- Facsimile Transmission Control (AREA)
Claims (10)
- Verschlüsselungs- und Entschlüsselungsverfahren, umfassendi) einen ersten öffentlichen Schlüssel oder asymmetrischen Verschlüsselungs-/Entschlüsselungsschritt, umfassend:Schritt 1: Erzeugen des privaten Schlüsselsin dem ein privater Schlüssel für jede von wenigstens zwei miteinander kommunizierenden Entitäten erzeugt wird, wobei der private Schlüssel nur von der entsprechenden Entität bekannt ist;Schritt 2: Erzeugen des öffentlichen Schlüsselswobei für jede von wenigstens zwei miteinander kommunizierenden Entitäten ein öffentlicher Schlüssel als Funktion des privaten und der besagten Entität gehörenden Schlüssels erzeugt wird,wobei der öffentliche Schlüssel ein numerischer Wert ist, der mit Hilfe einer Hash-Summenmodulus-Funktion des privaten Schlüssels der genannten Entität berechnet wird;wobei der private Schlüssel sich aus der Matrix Amxnmit 1 ≤ Ai, j ≤ n und ∀i = 1,...,n, p ∈ Z zusammengesetzt ist und ferner den folgenden Schritt umfasstAnwenden einer Funktion zur Modifizierung des Wertes der öffentlichen Schlüssel gemäß der Beziehungv+rnd∗pin demv der öffentliche Schlüssel, rnd ein Pseudo-Zufallswert und p eine zufällige ganze Zahl ist, die von den kommunizierenden Entitäten geteilt wird,Austauschen zwischen zwei kommunizierenden Entitäten ihrer öffentlichen Schlüssel, die zu dem genannten Zufallswert rnd∗p summiert werden;ii) einen zweiten Verschlüsselungs-/Entschlüsselungsschritt mit symmetrischem Schlüssel, für den ein Geheim- oder Sessionschlüssel zur Verschlüsselung/Entschlüsselung einer oder mehrerer zweiter Nachrichten bereitgestellt wird, die zwischen den wenigstens zwei kommunizierenden Entitäten übertragen werden, umfassend:der besagte Geheim- oder Sessionschlüssel zwischen den wenigstens zwei kommunizierenden Entitäten unter Verwendung des ersten Verschlüsselungsschritts mit öffentlichem Schlüssel ausgetauscht wird und der Geheimschlüssel für die Verschlüsselung/Entschlüsselung die erste Nachricht bildet,wobei die Funktion f(x) zum Erzeugen des öffentlichen Schlüssel aus den folgenden Gruppen ausgewählt wird:wobeiw 1 und w 2 bezeichnen ganzzahlige Werte im Bereich von 1 bis 31 für 32-Bit-Prozessoren und 1-63 für 64-Bit-Prozessoren;w 3 ist ein ganzzahliger Wert im Bereich von 1 bis 32-Bit für 32-Bit-Prozessoren und 1-64 für 64-Bit-Prozessoren;die Symbole <<,>>,<<<,>>> stehen fürOperationen mit Bit-Verschiebung nach links um w 2 Positionen, Operationen mit Bit-Verschiebung nach rechts um w 2 Positionen, Operationen mit Bit-Drehung nach links um w 1 Positionen bzw. Operationen mit Bit-Drehung nach rechts um w 1 Positionen.
- Verschlüsselungs- und Entschlüsselungsverfahren nach Anspruch 1, wobei der private Schlüssel aus einer Matrix Amxn mit m Zeilen und n Spalten privater Werte und einem privaten Moduluswert q besteht und wobei der öffentliche Schlüssel gemäß der folgenden Funktion berechnet wird:öffentliche Schlüsselƒ(x) ist eine nicht-perfekte Hash-Funktion und insbesondere eine Funktion modulo q, deren Eingaben die Werte der Matrix Amxn sind mit 1 ≤ Ai, j ≤ nq ist ein privater Moduluswert;p ist ein öffentlicher Moduluswert und eine zufällige ganze Zahl mit p∈Z+ die von den kommunizierenden Entitäten geteilt wird;R ist ein öffentlicher Wert, der die Dimension der Matrix Amxnausdrückt;i ist ein Iterator-Index mit i∈Z+S ist das Ergebnis der Summierung und entspricht dem öffentlichen Schlüssel,rnd ist die besagte Zufallszahl;wobei die Werte von p und R zwei öffentliche Werte sind, die von den kommunizierenden Partnern vereinbart wurden oder die während der Einrichtung des Verschlüsselungs-/Entschlüsselungssystems vorbestimmt sind.
- Verfahren nach Anspruch 1 oder 2, wobei:die Erzeugung der Matrix A gemäß den folgenden Schritten durchgeführt wird:Ar,0= rnd mit Ar,0 ∈ Z und 1 ≤ r ≤ RAr,1 = rnd ∗ p mit Ar,1 ∈ Z und 1 ≤ r ≤ Rq = rnd ∗ p mit q ∈ Z+Einschränkungen:
q≠p; Ar,0(modp)≠ 0 e Ar,0 >q wobei:r ist die allgemeine Zeile der Matrix;p mit p ∈ Z+ ist der öffentliche Moduluswert, der von allen kommunizierenden Teilnehmern gemeinsam genutzt wird und bekannt ist;Ar,0 und q sind private Zufallswerte und q wird als Modulus in der Hash-Summen-Modulus-Funktion ƒ(x) verwendet. - Verfahren nach einem oder mehreren der vorhergehenden Ansprüche, wobei die Funktion zur Erzeugung des geheimen Schlüssels aus den folgenden Gruppen ausgewählt wird:wobei: w 1 und w 2 sind ganzzahlige Werte im Bereich von 1 bis 31 für 32-Bit-Prozessoren und 1-63 für 64-Bit-Prozessoren;w 3 ist ein ganzzahliger Wert im Bereich von 1 bis 32 Bit für 32-Bit-Prozessoren und 1-63 für 64-Bit-Prozessoren;die Symbole <<,>>,<<<,>>> stehen für Operationen mit Bit-Verschiebung nach links um w 2 Positionen, Operationen mit Bit-Verschiebung nach rechts um w 2 Positionen, Operationen mit Bit-Drehung nach links um w 1 Positionen bzw. Operationen mit Bit-Drehung nach rechts um w 1 Positionen.
- Verfahren nach einem oder mehreren der vorhergehenden Ansprüche, dadurch gekennzeichnet, dass die Verschlüsselungsfunktion eine algebraische Summe der gesamten erzeugten verschlüsselten Nachricht durchführt, so dass die gesamte verschlüsselte n-Bit-Nachricht in nur 8 Bits für Nachrichten bis zu 1024 Bits dargestellt wird, wobei sie durch die folgende Beziehung beschrieben wird:ƒmix ist eine Mischfunktion für jede i-te Summenbildung modulo 8-bit, die zwei Schlüssel pi , qi verwendet;sub ist die Substitutionsfunktion, die den folgenden Schritten der Substitution des einzelnen Bytes bi und der algebraischen Summe der einzelnen Bytes folgt, d. h. die Funktion, die ki durch biersetzt:For i = 1 To N - 1 do:Si = S0 - bi + kiNext;ki ist das i-te Byte des Schlüssels in der Xor-Funktion;bi ist das i-te Byte einer allgemeinen Nachrichtund, wobei die Verschlüsselung unter Verwendung der folgenden, als Pseudocode ausgedrückten Schritte erfolgt:a. Binärsumme und zwar mod 2 mit Schlüssel ki:For i = 0 To N - 1 do:bi = bi ⊕ kiNext;b. Ursprüngliche algebraische Summe:For i = 0 To N - 1 do:S0 = So + biNextc. Substitution einzelner Bytes und algebraische Summe einzelner Bytes, d.h. Substitution von k i fur b i :For i = 1 To N - 1 do:Si = S0 - bi + kiNextd. Anwendung der Mischfunktion fmixFor i = 1 To N-1 dofmix Si, Si-1, piNextFor i = N - 2 To 0 Step-1fmix Si, S i+1 , qiNextwobei:ƒmix ist eine Summenfunktion modulo 8-bit mit zwei Schlüsseln pi, qi;bi ist das i-te Byte einer allgemeinen NachrichtSi ist die i-te algebraische Summe.und wobeidie Entschlüsselung erfolgt mit Hilfe einer Funktion, die folgende Schritte durchführt:For i = 0 To N- 2 do:fmix-1 Si, Si + 1, qiNextFor i = N-1 To 1 Step-1fmix-1 Si, Si-1, piNextsum = 0For i = 1 To N-1 do:bi = S0 - (si - ki)sum = sum + bibi = bi ⊕ kiNextb0 = (b0 - sum) ⊕ k0mitfmix-1: x = (x - y - k) And 28-1;
y = (y - x - k) And 28-1wobeiƒmix ist eine Summenfunktion modulo 8-bit mit zwei Schlüsseln pi, qi und fmix-1 ist ihre Umkehrfunktion;sum ist eine ganzzahlige Variable, die die algebraische Summe der einzelnen Bytes des Blocks enthält;ki ist das i-te Byte des geheimen Schlüssels;bi ist das i-te Byte einer allgemeinen Nachricht Si ist die i-te algebraische Summe;K enthält den i-ten Wert von pi oder qi;x enthält den i-ten Wert von Si;y enthält den i-ten Wert von Si+i oder Si-1;p ist ein ganzzahliger Vektor, der den im Schritt der Planung des Sessionschlüssels erhaltenen geheimen Schlüssel enthält;q ist ein ganzzahliger Vektor, der den geheimen Schlüssel enthält, der im Schritt der Planung des Sessionschlüssels erhalten wurde. - Verfahren nach Anspruch 6, wobei der Verschlüsselungs-/Entschlüsselungsschlüssel aus einem Master-Schlüssel erzeugt wird, der verwendet wird, um drei Tabellen für die Werte von P, Q und K zu erstellen, wobei die 32-Bit-Werte von P und Q in der Funktion fmix verwendet werden und die 8-Bit-Werte von K in dem individuellen Byte-Substitutionsschritt verwendet werden, und wobei der Master-Schlüssel durch das folgende Verfahren, ausgedrückt als Pseudocode, berechnet wirdd.h.a = 0b = 0nk=8ks = SessionschlüsselL = Länge des zu verschlüsselnden Blocks; 8,16,32,...256-Byte, d.h. Vielfachen von 8 ByteFor r = 1 To 2 do:w = 0For i = 1 To (L \ nk) do:z = nk-1For j = 0 To nk - 1 do:a= a + (ks(z0>>>7 ⊕ ks(z)>>>18 ⊕ ks(z)>>3) ⊕ bb= b + (ks(w)>>>7 ⊕ ks(w)>>>18 ⊕ ks(w)>>3) ⊕ aks(w) = aks(z) = ks(z) ⊕ bz = z-1w = w + 1NextNext// 32-Bit-Vektor von P und Q erstellen Iƒr = 1 ThenFor i = 0 To L - 1 do:p(i) = ks(i) NextElseFor i = 0 To L - 1 do:q(i) = ks(i) NextEnd IfNext// Substitutionsvektor erstellenFor i = 0 to L -1 do:k(i) =Abs( (p(i) ⊕ q(i) ) mod 256) Nextwobei für die verwendeten Operatoren folgendes gilt:>>> = Right Shift>>> = Left Shift⊕ = Summe Modulo 2Abs = Berechnen des Absolutwerts\ = Ganzzahlige Division
- Verschlüsselungs-/Entschlüsselungsvorrichtung, dadurch gekennzeichnet, dass sie ein in einen Computerspeicher geladenes und zur Ausführung durch den Computer geeignetes Programm umfasst, wobei die Ausführung des Programms die Ausführung des in einem oder mehreren der vorhergehenden Ansprüche 1 bis 7 beanspruchten Verfahrens bewirkt.
- Speichermedium, das von einer Verarbeitungseinheit lesbar ist, dadurch gekennzeichnet, dass es ein Programm speichert, das von dem Prozessor ausgeführt werden kann, dessen Ausführung die Ausführung des Verfahrens nach einem oder mehreren der vorhergehenden Ansprüche 1 bis 7 bewirkt.
- Verschlüsselungs-/Entschlüsselungssystem, dadurch gekennzeichnet, dass es die Ausführung des in einem oder mehreren der vorhergehenden Ansprüche 1 bis 7 beanspruchten Verfahrens durch Kommunikationsvorrichtungen zwischen wenigstens zwei miteinander kommunizierenden Entitäten umfasst.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
IT000091A ITGE20110091A1 (it) | 2011-08-10 | 2011-08-10 | Metodo di cifratura e decifratura |
PCT/IB2012/054060 WO2013021360A1 (en) | 2011-08-10 | 2012-08-09 | Encryption and decryption method |
Publications (2)
Publication Number | Publication Date |
---|---|
EP2742644A1 EP2742644A1 (de) | 2014-06-18 |
EP2742644B1 true EP2742644B1 (de) | 2022-04-13 |
Family
ID=44720955
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP12772804.6A Active EP2742644B1 (de) | 2011-08-10 | 2012-08-09 | Verschlüsselungs- und entschlüsselungsverfahren |
Country Status (3)
Country | Link |
---|---|
EP (1) | EP2742644B1 (de) |
IT (1) | ITGE20110091A1 (de) |
WO (1) | WO2013021360A1 (de) |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103812658B (zh) * | 2014-01-21 | 2018-01-16 | 沈阳工业大学 | 一种基于流密码的安全通信协议 |
EP3402118A1 (de) * | 2017-05-10 | 2018-11-14 | Koninklijke Philips N.V. | Schlüsselvereinbarungsvorrichtungen und verfahren |
FR3074989B1 (fr) * | 2017-12-11 | 2021-03-05 | Airbus Defence & Space Sas | Procede de communication securise |
CN113676320A (zh) * | 2018-08-01 | 2021-11-19 | 百度在线网络技术(北京)有限公司 | 车辆ecu密钥的确定方法、装置、设备及存储介质 |
CN109150923A (zh) * | 2018-11-06 | 2019-01-04 | 江苏怡通数码科技有限公司 | 基于混合加密的网络传输数据安全处理方法 |
CN114095151A (zh) * | 2020-07-31 | 2022-02-25 | 马上消费金融股份有限公司 | 一种加解密方法、认证方法、装置、设备和存储介质 |
CN112671730A (zh) * | 2020-12-15 | 2021-04-16 | 广东华兴银行股份有限公司 | 一种线上交换对称加密密钥的方法、设备及介质 |
CN114758728B (zh) * | 2022-06-15 | 2022-09-02 | 成都边界元科技有限公司 | 混合进制下产生最小海明距离的基因型标识及可视化方法 |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US2803000A (en) | 1953-12-11 | 1957-08-13 | Cinch Mfg Corp | Snap-in subminiature socket |
US4405829A (en) | 1977-12-14 | 1983-09-20 | Massachusetts Institute Of Technology | Cryptographic communications system and method |
ATE128297T1 (de) | 1991-03-14 | 1995-10-15 | Omnisec Ag | Verschlüsselungssystem mit öffentlichem schlüssel unter verwendung elliptischer kurven über ringe. |
CA2263588C (en) | 1996-08-19 | 2005-01-18 | Ntru Cryptosystems, Inc. | Public key cryptosystem method and apparatus |
DE69840959D1 (de) | 1997-12-17 | 2009-08-20 | Nippon Telegraph & Telephone | Verschlüsselungs- und Entschlüsselungsvorrichtungen für Kryptosysteme mit öffentlichem Schlüssel und Aufzeichnungsmedium mit darauf gespeicherten zugehörigen Verarbeitungsprogrammen. |
US6798884B1 (en) * | 1998-09-16 | 2004-09-28 | Murata Kikai Kabushiki Kaisha | Encryption method, decryption method, encryption/decryption method, cryptographic communications system, and computer usable medium |
US20060280300A1 (en) * | 2005-06-08 | 2006-12-14 | Fernando Rossini | Cryptographic system |
-
2011
- 2011-08-10 IT IT000091A patent/ITGE20110091A1/it unknown
-
2012
- 2012-08-09 WO PCT/IB2012/054060 patent/WO2013021360A1/en unknown
- 2012-08-09 EP EP12772804.6A patent/EP2742644B1/de active Active
Non-Patent Citations (2)
Title |
---|
ANDERSON R J ET AL: "Fortifying key negotiation schemes with poorly chosen passwords", ELECTRONICS LETTERS, IEE STEVENAGE, GB, vol. 30, no. 13, 23 June 1994 (1994-06-23), pages 1040 - 1041, XP006000691, ISSN: 0013-5194, DOI: 10.1049/EL:19940697 * |
SEONGHAN SHIN ET AL: "Elliptic Curve based Authenticated Key Agreement Protocol for Wireless Security", COMPUTATIONAL INTELLIGENCE AND SECURITY, 2006 INTERNATIONAL CONFERENCE ON, IEEE, PI, 1 November 2006 (2006-11-01), pages 1096 - 1100, XP031012973, ISBN: 978-1-4244-0604-3 * |
Also Published As
Publication number | Publication date |
---|---|
EP2742644A1 (de) | 2014-06-18 |
WO2013021360A1 (en) | 2013-02-14 |
ITGE20110091A1 (it) | 2013-02-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2742644B1 (de) | Verschlüsselungs- und entschlüsselungsverfahren | |
Laiphrakpam et al. | A robust image encryption scheme based on chaotic system and elliptic curve over finite field | |
Almaiah et al. | A new hybrid text encryption approach over mobile ad hoc network | |
US9264406B2 (en) | Public key cryptography with reduced computational load | |
US8331558B2 (en) | Method of cipher block chaining using elliptic curve cryptography | |
Abdeldaym et al. | Modified RSA algorithm using two public key and Chinese remainder theorem | |
Agrawal et al. | Elliptic curve cryptography with hill cipher generation for secure text cryptosystem | |
US6769062B1 (en) | Method and system of using an insecure crypto-accelerator | |
US20180294951A1 (en) | Methods and systems for enhanced data-centric scalar multiplicative homomorphic encryption systems using geometric algebra | |
JP2019528028A (ja) | 幾何代数を用いた高度データ中心型暗号化システムのための方法およびシステム | |
Marzan et al. | An enhanced key security of playfair cipher algorithm | |
Sakib | ANALYSIS ON FUNDAMENTAL ALGEBRAIC CONCEPTS AND INFORMATION SECURITY SYSTEM | |
US20100150343A1 (en) | System and method for encrypting data based on cyclic groups | |
US20060251248A1 (en) | Public key cryptographic methods and systems with preprocessing | |
US7280663B1 (en) | Encryption system based on crossed inverse quasigroups | |
Mahmoud | Development of Matrix Cipher Modifications and Key Exchange Protocol | |
KR20010067016A (ko) | 알에스에이 공개키 암호 고속화 장치 및 방법 | |
JP7443217B2 (ja) | 暗号化装置、復号装置、暗号方法、復号方法、暗号化プログラム及び復号プログラム | |
Kumar et al. | Non-singular Transformation Based Encryption Scheme | |
Maity et al. | Image encryption using RSA and advanced Caesar Cipher method | |
Sasikaladevi et al. | SNAP-compressive lossless sensitive image authentication and protection scheme based on Genus-2 hyper elliptic curve | |
Hazzazi et al. | Asymmetric Key Cryptosystem for Image Encryption by Elliptic Curve over Galois Field GF (2 n). | |
Bassous et al. | Ambiguous asymmetric schemes | |
Memon et al. | Randomized text encryption: A new dimension in cryptography | |
WO2018011825A1 (en) | Encryption and decryption of messages |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20140307 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
DAX | Request for extension of the european patent (deleted) | ||
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: EXAMINATION IS IN PROGRESS |
|
17Q | First examination report despatched |
Effective date: 20180327 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: EXAMINATION IS IN PROGRESS |
|
RIC1 | Information provided on ipc code assigned before grant |
Ipc: H04L 9/30 20060101ALI20211028BHEP Ipc: H04L 9/08 20060101AFI20211028BHEP |
|
GRAP | Despatch of communication of intention to grant a patent |
Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: GRANT OF PATENT IS INTENDED |
|
INTG | Intention to grant announced |
Effective date: 20211203 |
|
GRAS | Grant fee paid |
Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
|
GRAA | (expected) grant |
Free format text: ORIGINAL CODE: 0009210 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE PATENT HAS BEEN GRANTED |
|
AK | Designated contracting states |
Kind code of ref document: B1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
REG | Reference to a national code |
Ref country code: GB Ref legal event code: FG4D |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: EP |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R096 Ref document number: 602012078037 Country of ref document: DE |
|
REG | Reference to a national code |
Ref country code: IE Ref legal event code: FG4D |
|
REG | Reference to a national code |
Ref country code: AT Ref legal event code: REF Ref document number: 1484243 Country of ref document: AT Kind code of ref document: T Effective date: 20220515 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: MC Payment date: 20220629 Year of fee payment: 11 Ref country code: LU Payment date: 20220628 Year of fee payment: 11 |
|
REG | Reference to a national code |
Ref country code: LT Ref legal event code: MG9D |
|
REG | Reference to a national code |
Ref country code: NL Ref legal event code: MP Effective date: 20220413 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: BE Payment date: 20220628 Year of fee payment: 11 |
|
REG | Reference to a national code |
Ref country code: AT Ref legal event code: MK05 Ref document number: 1484243 Country of ref document: AT Kind code of ref document: T Effective date: 20220413 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: NL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220413 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220413 Ref country code: PT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220816 Ref country code: NO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220713 Ref country code: LT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220413 Ref country code: HR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220413 Ref country code: GR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220714 Ref country code: FI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220413 Ref country code: ES Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220413 Ref country code: BG Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220713 Ref country code: AT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220413 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: IE Payment date: 20220701 Year of fee payment: 11 Ref country code: DE Payment date: 20220628 Year of fee payment: 11 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: RS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220413 Ref country code: PL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220413 Ref country code: LV Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220413 Ref country code: IS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220813 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: FR Payment date: 20220701 Year of fee payment: 11 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: CH Payment date: 20220901 Year of fee payment: 11 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R097 Ref document number: 602012078037 Country of ref document: DE |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SM Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220413 Ref country code: SK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220413 Ref country code: RO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220413 Ref country code: EE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220413 Ref country code: DK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220413 Ref country code: CZ Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220413 |
|
PLBE | No opposition filed within time limit |
Free format text: ORIGINAL CODE: 0009261 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT |
|
26N | No opposition filed |
Effective date: 20230116 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: AL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220413 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: MT Payment date: 20220706 Year of fee payment: 11 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220413 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: IT Payment date: 20230925 Year of fee payment: 12 Ref country code: GB Payment date: 20230925 Year of fee payment: 12 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R119 Ref document number: 602012078037 Country of ref document: DE |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: MC Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20230831 |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: PL |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: MC Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20230831 Ref country code: HU Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO Effective date: 20120809 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: LU Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20230809 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: LU Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20230809 Ref country code: CY Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20220413 Ref country code: CH Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20230831 |
|
REG | Reference to a national code |
Ref country code: BE Ref legal event code: MM Effective date: 20230831 |
|
REG | Reference to a national code |
Ref country code: IE Ref legal event code: MM4A |